How to run SQL queries in Kibana…

Method 1

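GET /_xpack/sql?format=txt
{
  "query": "select spanId, avg(elapsed), count(1) from \"sc-log-wbjr_2022-01-21\" group by spanId having count(1) > 100 order by count(1) desc"
}

Escape the double quotes around the index name, as in \"xxx\". The query is written on one line because a standard JSON string cannot contain raw line breaks.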

Method 2

GET /_xpack/sql?format=txt
{
  "query": """
    select spanId, avg(elapsed),count(1) from "sc-log-wbjr_2022-01-21" 
    group by spanId having count(1) >100 
    order by count(1) desc
    """
}

Wrapped in """x""", the query needs no escaping; only the index name is enclosed in double quotes, as "index_name".

Summary

Method 1 can be sent directly from Postman as a POST request to get the query results. Method 2 can only be used in Kibana Dev Tools.
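An added example, not part of the original post: the Python below rewrites a Dev Tools body that uses """...""" into standard JSON, escaping the index name's quotes and the line breaks, so the Method 2 query can also be sent from Postman. The function name console_body_to_json is hypothetical, and the sample body is the one from Method 2 above.

```python
import json
import re

# A Dev Tools triple-quoted literal: """ ... """, possibly spanning lines.
# The lookahead lets the content itself end with a double quote.
TRIPLE_QUOTED = re.compile(r'"""(.*?)"""(?!")', re.DOTALL)


def console_body_to_json(body: str) -> str:
    """Rewrite each triple-quoted literal as a standard JSON string."""
    # json.dumps escapes the inner double quotes and the line breaks.
    converted = TRIPLE_QUOTED.sub(lambda m: json.dumps(m.group(1)), body)
    json.loads(converted)  # fail loudly if the result is still not valid JSON
    return converted


# Request body from Method 2 on this page (Dev Tools syntax).
METHOD_2_BODY = '''{
  "query": """
    select spanId, avg(elapsed),count(1) from "sc-log-wbjr_2022-01-21"
    group by spanId having count(1) >100
    order by count(1) desc
    """
}'''

if __name__ == "__main__":
    # Prints a body that a strict JSON client (Postman, curl) accepts.
    print(console_body_to_json(METHOD_2_BODY))
```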